Monday, September 25, 2023
Home Tags OWASP 24/7

Tag: OWASP 24/7

OWASP Podcast

ep2023-08 Finding Next Gen Cybersecurity Professionals with Brad Causey

For years we've heard talk about a shortage of cybersecurity professionals so what can be done about that? In this episode, I speak to Brad Causey who has taken one approach he's found successful. We cover the trade-offs of...
OWASP Podcast

ep2023-07 What’s Audit got to do with IT

In this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What...
OWASP Podcast

SBOMS, CycloneDX and Dependency Track: Automation for Survival with Steve Springett

Software supply chain seems to be front and center for technologists, cybersecurity and many governments. One of the early pioneers in this space was Steve Springett with two highly successful projects: OWASP Dependency Track and CycloneDX. In this episode,...
OWASP Podcast

AppSec at 40,000 feet

In this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership...
OWASP Podcast

2023-04 Rethinking WAFs: OWASP Coraza

WAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some Go code...
OWASP Podcast

2023-03 Point of Scary – the POS ecosystem

In this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your...
OWASP Podcast

2023-02 Isolation is just PEACHy

In this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate...
OWASP Podcast

OWASP Ep 2023-01: Audit, Compliance and automation, Oh my!

In this episode, I speak with Caleb Queern, one of the authors of "Investments Unlimited" a book I highly recommend you get and read. While the book is fiction, there's a great deal of truth in the story about...
OWASP Podcast

2022 Year in Review

In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes...
OWASP Podcast

You've got some Kubernetes in my AppSec!

In this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not...
OWASP Podcast

Little Zap of Horrors

In this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovely known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful...
OWASP Podcast

Breaching the wirefall with community

In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated...
Infosecurity Magazine

Almost US 900 Schools Breached Via MOVEit

National Student Clearinghouse reveals more details of incident

Don’t Get Burned by CAPTCHAs: A Recipe for Accurate Bot Protection

Traditional CAPTCHAs, such as reCAPTCHA, no longer protect online businesses adequately. Real users hate them. Bots bypass them. It's time to upgrade.
The Hacker News

New Report Uncovers Three Distinct Clusters of China-Nexus Attacks on Southeast Asian Government

An unnamed Southeast Asian government has been targeted by multiple China-nexus threat actors as part of espionage campaigns targeting the region over extended periods of time. "While this activity occurred around the same time and in some instances even simultaneously...
The Register

T-mobile exposes some customer data – but don’t call it a breach

PLUS: Trojan hidden in PoC; cyber insurance surge; pig butchering's new cuts; and the week's critical vulns Infosec in brief  T-Mobile has had another bad week on the infosec front – this time stemming from a system glitch that...

Cisco Disrupts Observability & Cybersecurity Markets with Splunk Acquisition

Cisco's acquisition of Splunk benefits Cisco's ongoing b shift towards more software and subscription-based services, but will cause churn in the market,